linux-next.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Jonas Bonn <jonas@southpole.se>,
	linux-kernel@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>,
	Eric Paris <eparis@redhat.com>,
	linux@lists.openrisc.net, Linux-Next <linux-next@vger.kernel.org>
Subject: Re: [RE-RESEND][PATCH] audit: replace defines with C stubs
Date: Thu, 20 Sep 2012 15:40:08 -0700	[thread overview]
Message-ID: <CAGXu5jLitrZTef9uJ69Vp-jFTfDgpYipb3p1ACj6cogC3vqxMQ@mail.gmail.com> (raw)
In-Reply-To: <CAMuHMdXxXW5pPHF+6r+qcobjtTNaXP1cmkrrtdDeWcLfGop4gA@mail.gmail.com>

On Thu, Sep 13, 2012 at 12:43 PM, Geert Uytterhoeven
<geert@linux-m68k.org> wrote:
> On Tue, Aug 7, 2012 at 2:40 AM, Kees Cook <keescook@chromium.org> wrote:
>> This replaces the #defines used when CONFIG_AUDIT or CONFIG_AUDIT_SYSCALLS
>> are disabled so we get type checking during those builds.
>>
>> Suggested-by: Andrew Morton <akpm@linux-foundation.org>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>
> JFYI, the change
>
> -#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
> +static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
> +                                      unsigned long a1, unsigned long a2,
> +                                      unsigned long a3)
> +{ }
>
> uncovers a bug on OpenRISC.
>
> Before,
>
>         audit_syscall_entry(audit_arch(), regs->gpr[11],
>                             regs->gpr[3], regs->gpr[4],
>                             regs->gpr[5], regs->gpr[6]);
>
> just expanded to nothing if CONFIG_AUDITSYSCALL was not set.
> Now, it fails to compile with:
>
> arch/openrisc/kernel/ptrace.c:190:2: error: implicit declaration of
> function 'audit_arch'
> http://kisskb.ellerman.id.au/kisskb/buildresult/7191698/

Thanks for catching this! It looks like audit.h is missing
AUDIT_ARCH_OPENRISC entirely, and that openrisc doesn't need an
audit_arch() function at all. It could use AUDIT_ARCH_OPENRISC once
that existed, which would just be EM_OPENRISC. (It looks like little
endian mode isn't used.)

I'll send a patch...

-Kees

-- 
Kees Cook
Chrome OS Security

      reply	other threads:[~2012-09-20 22:40 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20120807004041.GA27896@www.outflux.net>
2012-09-13 19:43 ` [RE-RESEND][PATCH] audit: replace defines with C stubs Geert Uytterhoeven
2012-09-20 22:40   ` Kees Cook [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGXu5jLitrZTef9uJ69Vp-jFTfDgpYipb3p1ACj6cogC3vqxMQ@mail.gmail.com \
    --to=keescook@chromium.org \
    --cc=eparis@redhat.com \
    --cc=geert@linux-m68k.org \
    --cc=jonas@southpole.se \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-next@vger.kernel.org \
    --cc=linux@lists.openrisc.net \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).